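/**
 * Forgot Password page.
 *
 * Request the email address, because the form is less easily abused this way
 * (resetting another person's password, or spamming another person's emails)
 *
 * Still too simplistic, ideally should add another step so that the password
 * is not automatically reset: anyone who knows a registered email address can
 * force a password change on that account (an account-lockout vector), and the
 * response differs depending on whether the address is registered, so the form
 * also reveals which addresses have accounts. A one-time reset token that is
 * emailed and confirmed before any password changes would address both.
 *
 * @param coreRequest $request  The current request; only POST submissions are handled.
 *
 * @return string|null  coreView::SUCCESS re-renders the form (non-POST request, or
 *                      no account for the address, with an 'email_invalid' request
 *                      error set); 'MailSent' once the new password has been emailed.
 *                      Validation failure falls through without an explicit return,
 *                      as before — presumably the framework re-renders the form with
 *                      the validator's errors (not verifiable from this file).
 */
public function executeForgotPassword($request)
{
    if ($request->getMethod() !== coreRequest::POST) {
        return coreView::SUCCESS;
    }

    // handle the form submission
    $validator = new coreValidator($this->getActionName());
    if (!$validator->validate($request->getParameterHolder()->getAll())) {
        // Invalid submission: same implicit-null result the original produced.
        return;
    }

    $email_address = trim((string) $request->getParameter('email_address'));
    $user = UsersPeer::getUserByEmail($email_address);

    if (!$user) {
        $request->setError('email_invalid', 'Sorry, no user found with that email address.');
        return coreView::SUCCESS;
    }

    // Set a new random password: 8 upper-case hex characters, the same format the
    // mailer and password change already accept, but drawn from a CSPRNG. The
    // previous md5(rand(100000, 999999)) derivation had only ~900k possible values
    // from a non-cryptographic generator, so the emailed password could be guessed
    // by enumeration. random_bytes() requires PHP 7+.
    $raw_password = strtoupper(bin2hex(random_bytes(4)));

    // update the password on main site and forum
    $this->getUser()->changePassword($user['username'], $raw_password);

    // Send the email with the new password; use the username from the db here so
    // the user is addressed with the exact CaSe they registered with.
    $mailer = new rtkMail();
    $mailer->sendForgotPasswordConfirmation($user['email'], $user['username'], $raw_password);

    return 'MailSent';
}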